http://threatpost.com/en_us/blogs/ie-9-falls-pair-zero-days-pwn2own-030812#.T1o-COGBntQ.twitter
The same team that brought down Google's Chrome browser at the hacker contest Pwn2Own at the CanSecWest conference (Google also offered $1M at this event for Chrome exploits) has now brought down IE9, bypassing the DEP, ASLR and Protected Mode (sandbox) protections in the process, by using two zero-day vulnerabilities they discovered and exploited. While they'll be fully disclosing one of the vulnerabilities, they'll be keeping the Protected Mode bypass vulnerability to themselves and their paying customers (mostly governments), as it's worth a LOT more than the $60,000 on offer. They also brought zero-day vulnerabilities for Apple's Safari and Mozilla's Firefox browsers, but didn't have to use them as they already had a big enough lead (124 pts) after conquering both Chrome and IE9, so those too will remain private in the team's hands.
Young Guns: The crack Vulnerability Research team from VUPEN, winners of Pwn2Own 2012: